OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: Oxygen61 on November 03, 2017, 04:16:32 pm
-
Hello guys,
this is pretty urgent since i completely lost connection to the Internet.
Just for the record i have to say that i once tried to configure VPN, so that every traffic gets send out only on this interface but i had to rollback because it didn't went that well.
The problem is that my update from ver. 17.7.5 to 17.7.7+ worked but i got into many troubles with connection loss and TCP Traffic problems like HTTP and HTTPs.
Since today (early in the morning) the Firewall decided to not resolve any traffic anymore. I always get DNS resolve errors in any browser i use. I tried DNSmasq and Unbound, and rolled back from every configuration decision, which i thought was wrong since i started my vpn configuration journey until nothing was left and all was back to "normal" again with WAN as default Gateway.
To be sure i even Recovered older configs from timestamps, which i knew were good and working.
Still can't resolve any traffic but pings to 8.8.8.8 are working. My WAN_DHCP Gateway is up and running, there are NO error logs in the system Log or unbound/DNSmasq log or Gateway log besides this one:
apinger: Error while feeding rrdtool: Broken pipe
apinger: rrdtool respawning too fast, waiting 300s
Restarting ipsec tunnels
Reloading Filter
Restarting OpenVPN tunnels/interfaces WAN_DHCP
Traceroute to google.de started from the firewall itself (localhost) is not working:
traceroute: unknown host google.de
DNS lookup to google.de started from the Firewall itself (localhost) is not working aswell:
DNS lookup: no response
since there are no error logs in any DNS daemon iam not sure how to handle this DNS resolve issue.
I even restarted the firewall 3 times and restarted my modem.. nothing helped.
Gladly i once downloaded 17.7.5 so iam pretty sure that i could possibly resolve the issue by reinstalling everything (maybe using my config in best case)....
Any ideas? Otherwise i will go the reinstall "route" this afternoon :(
Best regards,
Oxy
-
Have you disabled all HW offloading? especially VLAN
You habe an all VLAN config right? With LACP
Try to disable LACP.
-
Reinstall it. You will be glad you did.
-
It isn‘t a windows system. That would be real sad if reinstalling fix things
-
TCP Traffic problems like HTTP and HTTPs.
I had similar problems after 17.7.7 update (i wrote about that in german forum)
where no TCP Traffic was working but could still connect via UDP OpenVPN.
But this wouldnt solve why you Cant resolve names DNS is UDP. (Sorry answering only from cellphone)
-
Before reinstalling you can also try the 18.1 FreeBSD 11.1 Kernel
-
Hey guys,
thanks NilsS for all your support but we found the issue, see here for the german thread of another guy who faced the same issue as i did today: https://forum.opnsense.org/index.php?topic=6305.0
It's just a huge big Vodafone ISP problem which still persists (constant ~10% packet loss WITHOUT VPN)
Thats probably the reason aswell, why my VPN setup is not working as expected. (we talked about that in the german thread). I ranted alot about many disconnects and problems regarding packet loss while using VPN.
Now i know why.... :-[
Aslong as Vodafone stays my primary ISP i won't be able to configure proper VPN settings i guess. :-[
Have you disabled all HW offloading? especially VLAN
i forgot to disable Hardware VLAN Filter offloading. I don't think that it will change much, but i guess in the end it's better for OPNsense to handle traffic when it gets processed by software instead of hardware NICs.
Reinstall it. You will be glad you did.
As NilsS already said i don't think that it would have changed much, but it would have been my last resort since the issue was not obvious to me.
Before reinstalling you can also try the 18.1 FreeBSD 11.1 Kernel
I thought about that, but i just don't want any more trouble than i already have now. :D
To sum up, i successfully did nothing, and it's now working "kinda" as expected besides these huge latency spikes and packet loss problems.
Maybe Vodafone got attacked or something? Who knows...
Thanks you all
Best regards,
Oxy
-
Aslong as Vodafone stays my primary ISP i won't be able to configure proper VPN settings i guess.
i dont really like vodafone, but my isp is also vodafone (Kabel Deutschland) and VPN is working without any problems.
-
How many people in your close neighborhood are also using Kabel Deutschland? Or in other words, do you have to share much traffic? Maybe you are just lucky. :D
My connection gets worse and worse from Friday to sunday evening, then it stays stable for 5 days and then repeat. :-/
-
Glad its up... I learn from other peoples pain, so I will try to remember what you did.
-
Hi xinnan,
Glad its up... I learn from other peoples pain, so I will try to remember what you did.
Thats good to here. Glady i found the error and can now successfully say that OPNsense is NOT the problem or my configuration. I have random dropouts, which got approved by customer support by now.
If you are running VPN or having really bad stable connections just check your ISP first and then check every OSI-Model Layer one by one.
- Can i reach the gateway inside my subnet? Can i reach other systems in different VLAN Subnets?
Are other people having the same issues like me?
- Can i ping outside of my internal network? Can i nslookup or traceroute into the internet successfully?
When Websites are not loading am i still able to check Email traffic or send Email traffic? (Protocoll error)
- Are there any in and/or out Errors occuring on any network device which could then lead to the option that the cable or NIC of this device is broken?
and so on...
Hope that helps :)
I had enough pain last few months... i would appreciate less pain. :P
best regards,
Oxy
-
Good point. Nothing works if the ISP is flakey.